Тип плитки: Керамическая плитка. Применение: Ванная, Гостиная, Кухня. Тип элемента: Настенная плитка. Ширина (см): 20. Длина (см): 20. Толщина (мм): 6.9. Поверхность: Матовая, Гладкая. Дизайн: Однотонный. Цвет: Коричневый. Количество штук в упаковке: 35. Размер упаковки (кв. м): 1.4 Настенная плитка Kerama Marazzi Калейдоскоп 5218 N Коричневый 20×20 Дизайн Однотонный Длина (см) 20 Количество штук в […]
Affected versions of Sylius give attackers the ability to switch channels via the _channel_code GET parameter in production environments. This was meant to be enabled only when kernel.debug is set to true. However, if no sylius_channel.debug is set explicitly in the configuration, the default value which is kernel.debug will be not resolved and cast to boolean, enabling this debug feature even if that parameter is set to false. Patch has been provided for Sylius 1.3.x and newer - 1.3.16, 1.4.12, 1.5.9,…
The extensions API in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled navigation within PDFs, which allowed a remote attacker to temporarily spoof the contents of the Omnibox (URL bar) via a crafted HTML page containing PDF data.
A SQL Injection issue was discovered in SageCRM 7.x before 7.3 SP3. The AP_DocumentUI.asp web resource includes Utilityfuncs.js when the file is opened or viewed. This file crafts a SQL statement to identify the database that is to be in use with the current user's session. The database variable can be populated from the URL, and when supplied non-expected characters, can be manipulated to obtain access to the underlying database. The /CRM/CustomPages/ACCPAC/AP_DocumentUI.asp?SID=&database=1';WAITFOR DELAY